Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
492
Views
0
Helpful
1
Replies

Dynamic VPN binding with PPP

Jean-Marie NGOK GWEM
Level 1
Level 1

‎09-17-2015 03:12 PM - edited ‎03-01-2019 02:55 PM

Hello the network community,

I am migrating PPPoE services from Junos to Cisco IOS-XE and to achieve this I have created multiple VRFs on the ASR1001-X to separate the forwarding plane and the control plane for the different customers using this service. 

Customers -----> DSL Modems---> DSL SWITCH -----> Access Switch ---(Vlan Trunking) ---> PPPoE Aggregator (ASR1k) --- (Multiple VRFs) --> Core PE1

 

PPPoE Agg:

!
aaa new-model        
!
aaa group server radius DSL_AAA
 server 192.168.1.1 auth-port 1812 acct-port 1813 key <key id>
 server 192.168.1.2 auth-port 1812 acct-port 1813 key <key id>
!
aaa authentication login default local
aaa authentication ppp pppoe_auth_list group DSL_AAA local
aaa authorization network pppoe_auth_list group DSL_AAA local if-authenticated
aaa accounting network default start-stop group radius
!
vrf definition PPPoE
 rd 8055:300
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
interface Lo300
 vrf forwarding PPPoE
 ip address 10.10.10.10 255.255.255.255
!
interface Port-channel2.300
 description to Core PE1
 vrf forwarding PPPoE
 ip address 172.16.15.1 255.255.255.252
!
bba-group pppoe bba300
 virtual-template 300
 sessions per-mac limit 10
 sessions per-vlan limit 300
 exit
!
interface virtual-template 300
 description pppoe bba300(vlan300)
 vrf forwarding PPPoE
 mtu 1492
 ip helper-addres 192.168.100.200
 ip unnumbered loopback 300
 peer default ip address dhcp
 ppp authentication pap callin pppoe_auth_list
 ppp authorization pppoe_auth_list
!
interface range Port-channel1.2000 - Port-channel1.2015
 encapsulation dot1Q 2000
 pppoe enable group bba300
 pppoe max-sessions 1000
!

......

 

A radius server is used to authenticate each customer, assign an IP address and bind it to a VPN. 

 

Do you think this solution will work ? if not why ?

 

And don't worry about the book (http://www.ciscopress.com/store/building-mpls-based-broadband-access-vpns-9781587051364) I have read it dozen times and I can't fully test this with the known network simulators.

 

Your help will be truly appreciated...

 

Thanks,

JM

Labels:
0 Helpful
1 Reply 1

Jean-Marie NGOK GWEM
Level 1
Level 1

‎09-18-2015 07:48 PM

No one available to take this bull ?

0 Helpful
Customers Also Viewed These Support Documents